Discover and classify sensitive data
One of the first steps to properly managing your sensitive data is knowing where it exists. Cloud DLP gives you the power to scan, discover, classify, and report on data from virtually anywhere. Cloud DLP has native support for scanning and classifying sensitive data in Cloud Storage, BigQuery, and Cloud Datastore and a streaming content API to enable support for additional data sources, custom workloads and applications.
Automatically mask your data to safely unlock more of the cloud
Today your data is your most critical asset. Cloud DLP provides tools to classify, mask, tokenize, and transform sensitive elements to help you better manage the data that you collect, store, or use for business or analytics. For example, features like format-preserving encryption or tokenization allow you to preserve the utility of your data for joining or analytics while obfuscating the raw sensitive identifiers.
Built to easily fit into your workloads
Cloud DLP architecture includes several features to make it easy to use in small or large operations. Templates for inspection and de-identification allow you to define configurations once and use them across requests. DLP job triggers and actions allow you to kick off inspection jobs periodically and generate Cloud Pub/Sub notifications when jobs are complete. See this tutorial on using DLP with Cloud Functions to automatically classify data in Cloud Storage.
Enhance your understanding of data privacy risk
Quasi-identifiers are partially identifying or elements or combinations of data that may link to a single person or a very small group. Cloud DLP allows you to measure statistical properties such as k-anonymity and l-diversity, expanding your ability to understand and protect data privacy.
- Flexible classification
- 90+ pre-defined detectors with a focus on quality, speed, scale. Detectors are improving and expanding all the time. A full list of detectors is available in the documentation.
- Secure data handling
- Cloud DLP handles your data securely and undergoes several independent third-party audits to test for data safety, privacy, and security. Read more on our compliance page.
- Custom detectors
- Extend the power of Cloud DLP with custom-defined detection, including custom dictionaries that can scale to millions of entries, pattern recognition, exclusion rules, and context rules.
- Easy workload integration
- Efficiently deploy DLP with reusable templates, monitor your data with periodic scans, and integrate into serverless architecture with Cloud Pub/Sub notifications.
- Likelihood scores
- Customize the sensitive data detection threshold to fit your needs and reduce noise.
- Pay-as-you-go pricing
- Cloud DLP is charged based on the amount of data processed, not based on a subscription service or device. This customer-friendly pricing allows you to pay as you go and not in advance of demand.
- No hardware or deployments to manage
- Cloud DLP is ready to go, no need to manage hardware, VMs, or scale. Just send a little or a lot of data and Cloud DLP scales for you.
- Detailed findings
- Classification results can be sent directly into BigQuery for detailed analysis or export into other systems. Custom reports can easily be generated in Cloud Data Studio.
- Simple and powerful redaction
- De-identify your data: redact, mask, tokenize, and transform text and images to help ensure data privacy.
- REST API
- The DLP API is an HTTP REST API that can be used on data inside or outside of GCP and from mobile devices, IoT devices, and browsers.